Social engineering manipulates individuals to gain access to sensitive information or perform certain actions. When this takes place over email, phone ("voice"), or text message ("SMS"), this is known as phishing, vishing, or smishing.
Phishing messages often appear to come from legitimate sources like coworkers, financial institutions, or commercial retailers. Scammers use phishing to trick you into divulging sensitive information, clicking malicious links, downloading malware, or making unauthorized purchases.
Please report all potential phishing messages to ANR IT (help@ucanr.edu). While we can't currently block individual addresses, we want to keep an eye on the threat landscape.
How to identify phishing
The strongest indicator of phishing content is urgency because scammers are trying to make sure you don't have time to realize what's wrong. However, they might also rely on simplicity, trying to make the message seem inconspicuous. Here's what it might look like:
- Your email account will be deleted due to inactivity in 24 hours. If you are still using this account, submit an appeal [click here]
- Act now [click here] to claim your prize!
- Can you do me a favor? I'm a Vice President, and I need you to buy a gift card for our coworker's retirement party right now!
- A document has been sent to you for review: View Document [click here]
Tips to avoid getting phished
- Be cautious when opening unsolicited messages from unfamiliar email addresses or phone numbers.
- Scammers often ask for gift cards as a favor, and they might impersonate positions of authority and exploit your trust for this.
- If you receive a message with an unexpected link or file attachment, reach out to the sender through alternative means (phone, email, Slack, etc.) to verify their intent.
- Always stop and think about whether it makes sense that an email or text message is trying to get you to take some action quickly.
How to view original message headers
When you report phishing, we might ask you to send us the original email headers so we can investigate the exact path the phishing message took to get to your inbox. This can help us rule out false positives.
New Outlook
View message details
This is the preferred method for viewing message headers.
- Select the phishing message to view its contents in a reading pane.
- At the top right of the reading pane, past the "Reply/Reply all/Forward" buttons, select the "..." (three dots) and go to View > View message details.
- The message headers will be in the "Message details" window that appears.
- Copy and paste the headers into your ServiceNow ticket.
Save as EML
This shows the entire original message, which contains headers as well as body text.
- Select the phishing message to view its contents in a reading pane.
- Go to File > Save as > Save as EML.
- Upload the EML file to your ServiceNow ticket. You can also open the EML in a text editor and copy and paste the contents into your ticket.
Classic Outlook
Internet headers
This is the preferred method for viewing message headers.
- In your inbox, double-click the phishing message to open it in a new window.
- Go to File > Info > Properties. In the Properties window, the email headers will be in the box for Internet headers.
- Copy and paste the headers into your ServiceNow ticket.